Locked users can connect using SSH keys

Hello,

Using Debian Jessie, configured with fusiondirectory repo : deb http://repos.fusiondirectory.org/debian-jessie jessie main Version installed is 1.0.9.1-1. Plugin SSH installed and fusiondirectory-plugin-ssh-schema installed/inserted on my SLAPD server.

I use a ssh-ldap-pubkey script on my servers to connect using public key authentication. When I lock a user in fusiondirectory, he can still connect to the server using his private key (no more sudo possible).

I think the way the user is locked is by adding a "! " to the encrypted password, so the ssh keys are not impacted... It could be OK to do the same thing on all the sshPublicKey attributes of the account ? ex : ssh-rsa !AAAAB3NzaC1yc2EAAAADAQABAAABAQD....

Or adding a keyword (diabled ?) at the begining of the key ? ex: disabled-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD....

Regards

(from redmine: issue id 4473, created on 2016-01-21, closed on 2016-01-22)

Relations:
- copied_to #4385
Changesets:
- Revision 0a307a66 by Côme Chilliet on 2016-01-21T03:19:44.000Z:

Fixes #4473 altering SSH keys when user is locked

Revision fafeee2b by Côme Chilliet on 2016-01-21T03:27:40.000Z:

Fixes #4473 altering SSH keys when user is locked

Revision 10423606 by Côme Chilliet on 2016-01-21T03:28:00.000Z:

Fixes #4473 altering SSH keys when user is locked

Custom Fields:
- Bug in version: 1.0.9.1